
Software developer here. The golden rule of backup is 3 copies, at least one of which should be at a second location.

In general about encryption - every encryption is susceptible to thermorectal/rubber-hose cryptanalysis. So if someone is really interested and doesn't mind committing a few felonies, they will get the info just by beating the keys out of you. In that case you need obscurity too - the entity should not know you even possess it.

A little about the NSA and encryption - there are two main kinds of encryption: symmetrical and asymmetrical. The first is used for data storage, the latter for web security, bank transfers, electronic signing. The second is vulnerable because it relies on math quirks - so the NSA probably could hide a few aces up their sleeves. The symmetrical is a very different beast - it usually uses a lot of very simple math operations (plus, rot, xor), scrambling data lots and lots of times, and there aren't many theoretical attacks that could be used.

What the NSA and the like usually do is use vulnerabilities in the implementation of the algorithms and in the operating systems/browsers themselves. So an unpatched computer is a greater danger than the NSA's ability to crack the key. If you have something that may get their attention - make an airgap. On https://www.schneier.com/ there are some very good tutorials and explanations.

A good home setup is to create a TrueCrypt volume with a strong key/strong passphrase that you mount and fill. Then store it in some cloud storage, on your hard drive, and on a flash drive if needed. Or an external hard drive. It is pretty secure and simple to use. And due to the way Dropbox and the others operate - if you change something inside you will only sync the changed parts.
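The add/rotate/xor mixing mentioned in the post above, as an added example that is not part of the original post: it uses the ChaCha20 quarter round from RFC 8439 (a cipher the post does not name) and counts how many output bits change when one input bit is flipped. Repeating the quarter round on a four-word state is a toy for illustration, not the full cipher; the function names and the sample state are assumptions.

```python
MASK = 0xFFFFFFFF  # all arithmetic is on 32-bit words


def rotl32(x, n):
    """Rotate a 32-bit word left by n bits (the 'rot' step)."""
    return ((x << n) | (x >> (32 - n))) & MASK


def quarter_round(a, b, c, d):
    """ChaCha20 quarter round (RFC 8439, section 2.1): only add, xor, rotate."""
    a = (a + b) & MASK; d = rotl32(d ^ a, 16)
    c = (c + d) & MASK; b = rotl32(b ^ c, 12)
    a = (a + b) & MASK; d = rotl32(d ^ a, 8)
    c = (c + d) & MASK; b = rotl32(b ^ c, 7)
    return a, b, c, d


def scramble(state, rounds):
    """Toy mixer: apply the quarter round repeatedly to a 4-word state."""
    for _ in range(rounds):
        state = quarter_round(*state)
    return state


def bits_changed(x, y):
    """Number of bit positions in which two states differ."""
    return sum(bin(p ^ q).count("1") for p, q in zip(x, y))


def avalanche(state, rounds):
    """Flip the lowest bit of the first word and compare the mixed outputs."""
    flipped = (state[0] ^ 1,) + tuple(state[1:])
    return bits_changed(scramble(state, rounds), scramble(flipped, rounds))


# Constructed sample state, chosen only for this demonstration.
SAMPLE = (0x00000001, 0x00000000, 0x00000000, 0x00000000)

if __name__ == "__main__":
    # A one-bit input difference spreads across the 128-bit state as the
    # number of rounds grows.
    for rounds in range(1, 9):
        print(rounds, "rounds:", avalanche(SAMPLE, rounds), "of 128 bits differ")
```
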

I largely keep mine on paper. And I don't always record it correctly on the sheets on purpose, but I know my patterns so I can still fill in the blanks for my use. This way if someone finds my sheet of paper among thousands in my house, they will still have to decipher them to some degree. I've gone retro, but I used to keep them on key drives encrypted.

I also create a system where I often don't know my own passwords. I simply shift my fingers over, up, or down on the keyboard and type a common long phrase. Your fingers will respond to muscle memory while typing and you don't even need to look at the screen or keyboard, and that is it: you now have a password that even you don't know. I kid you not when I say that I have not known my password for gmail for the last four years and yet access it multiple times a day (I also never save my important passwords to my computer). It does really suck though when you try to log in on a mobile device.

Lastly, I used to work anti-fraud in a couple of different fields, and it is useful to keep in mind a couple of things: (1) fraud/theft usually seeks out low transaction cost. Difficult and expensive fraud is usually conducted less often, and in conjunction with that (2) value is also important. Fraud is still a business, and seeking out higher value targets versus cost is often more worthwhile. Would you want to hack someone's account with a nice expensive zip code or someone on the other side of the tracks? Redlining was a frowned-upon practice, but somehow I don't think hackers give a crap.

Also, for example, US debit cards have had horrible security (compared to Europe) for 10+ years [low transaction cost] and often did not provide the same protections/security that credit cards did and ALSO linked directly to bank accounts [high value]. I never use or used debit cards at transaction terminals. I think it is no surprise that the Target breach involves a company with extensive debit card issuance that links to people's PINs and bank accounts. Now in Minnesota it is finally required to use a PIN with all debit card transactions. We are only 15 years behind Europe on this one. Bravo.

Anyhow, I am rambling -- but any system IMO can be hacked. The more high-tech you go, you can also get beat in some other low-tech way. Target debit card holders who did everything right still had their information compromised regardless of how they stored their data on some flash drive (or in my case: a piece of paper).

Just as a side story: I remember watching Penn and Teller (the comedians) on a TV show once and they talked about a magic trick on Letterman that they did once. Their response when asked how it was done was something to the effect: "As long as you can pay a very small man some money to sit in a cramped box with his hand in a fish for 20 minutes, you can pull off most any trick."

There is always some way to get it done: the best you can do is try to raise that transaction cost as much as possible so people have a hard time doing it.